package org.mapwar.web.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.client.RestTemplate;

/**
 * Created by zhebinwang on 2017/9/27.
 */

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

//    @Autowired
//    private Environment env;

//    @Override
//    protected void configure(AuthenticationManagerBuilder auth) throws exception {
//        auth.authenticationProvider(authenticationProvider());
//    }
//
//    @Bean
//    public CustomAuthenticationProvider authenticationProvider(){
//        return new CustomAuthenticationProvider(restTemplate(), env);
//    }



    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.headers()
                .frameOptions().sameOrigin()  //控制是否可以用iframe的
                .httpStrictTransportSecurity().disable();
        http.authorizeRequests()
//                .anyRequest().permitAll()
//                .anyRequest().authenticated()
//                .and()
//                .formLogin()
//                .loginPage("/login.jsp")
//                .permitAll()
//                .loginProcessingUrl("/v1/login")
//                .failureUrl("/login?error")
//                .defaultSuccessUrl("/index.jsp", false)
//                .permitAll()
                .antMatchers("/v1/**", "/").permitAll()
                .and()
                .logout()
                .deleteCookies("language")
                .logoutSuccessUrl("/login")
                .permitAll()
                .and().csrf().disable();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers("/js/**")
                .antMatchers("/css/**")
                .antMatchers("/images/**");
    }
}


